Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,101–1,150 of 1,546 in Other · page 23 of 31
| ID | Title | Summary |
|---|---|---|
| Storm-1044 | Storm-1044 | Storm-1044 has been identified as part of a cyber campaign in collaboration with Twisted Spider. They employ a strategic approach, targeting specific endpoints… |
| STORM-1044 | Storm-1044 | Storm-1044 has been identified as part of a cyber campaign in collaboration with Twisted Spider. They employ a strategic approach, targeting specific endpoints… |
| STORM-1084 | Storm-1084 | Storm-1084 is a threat actor that has been observed collaborating with the MuddyWater group. They have used the DarkBit persona to mask their involvement in ta… |
| STORM-1099 | Storm-1099 | Storm-1099 is a sophisticated Russia-affiliated influence actor that has been conducting pro-Russia influence operations targeting international supporters of … |
| Storm-1101 | Storm-1101 | DEV-1101 is a threat actor tracked by Microsoft who is responsible for developing and advertising phishing kits, specifically AiTM phishing kits. These kits ar… |
| STORM-1101 | Storm-1101 | DEV-1101 is a threat actor tracked by Microsoft who is responsible for developing and advertising phishing kits, specifically AiTM phishing kits. These kits ar… |
| Storm-1113 | Storm-1113 | Storm-1113 is a threat actor that acts both as an access broker focused on malware distribution through search advertisements and as an “as-a-service” entity p… |
| STORM-1113 | Storm-1113 | Storm-1113 is a threat actor that acts both as an access broker focused on malware distribution through search advertisements and as an “as-a-service” entity p… |
| STORM-1133 | Storm-1133 | In early 2023, Microsoft observed a wave of activity from a Gaza-based group that we track as Storm-1133 targeting Israeli private sector energy… |
| STORM-1152 | Storm-1152 | Storm-1152, a cybercriminal group, was recently taken down by Microsoft for illegally reselling Outlook accounts. They operated by creating approximately 750 m… |
| STORM-1167 | Storm-1167 | Storm-1167 is a threat actor tracked by Microsoft, known for their use of an AiTM phishing kit. They were responsible for launching an attack that led to Busin… |
| STORM-1175 | Storm-1175 | Storm-1175 is a cybercriminal group known for deploying Medusa ransomware and exploiting public-facing applications for initial access. They have been observed… |
| Storm-1283 | Storm-1283 | Storm-1283 is a threat actor that targeted Microsoft Azure cloud platform. They gained access to user accounts and created OAuth applications using stolen cred… |
| STORM-1283 | Storm-1283 | Storm-1283 is a threat actor that targeted Microsoft Azure cloud platform. They gained access to user accounts and created OAuth applications using stolen cred… |
| Storm-1286 | Storm-1286 | Storm-1286 is a threat actor that engages in large-scale spamming activities, primarily targeting user accounts without multifactor authentication enabled. The… |
| STORM-1286 | Storm-1286 | Storm-1286 is a threat actor that engages in large-scale spamming activities, primarily targeting user accounts without multifactor authentication enabled. The… |
| Storm-1295 | Storm-1295 | Storm-1295 is a threat actor group that operates the Greatness phishing-as-a-service platform. They utilize synchronous relay servers to present targets with a… |
| STORM-1295 | Storm-1295 | Storm-1295 is a threat actor group that operates the Greatness phishing-as-a-service platform. They utilize synchronous relay servers to present targets with a… |
| STORM-1516 | Storm-1516 | CopyCop is a Russian covert influence network that has established over 300 fictional media websites targeting the US, France, Canada, and other countries, pri… |
| Storm-1567 | Storm-1567 | Storm-1567 is the threat actor behind the Ransomware-as-a-Service Akira. They attacked Swedish organizations in March 2023. This ransomware utilizes the ChaCha… |
| STORM-1567 | Storm-1567 | Storm-1567 is the threat actor behind the Ransomware-as-a-Service Akira. They attacked Swedish organizations in March 2023. This ransomware utilizes the ChaCha… |
| Storm-1575 | Storm-1575 | Storm-1575 is a threat actor identified by Microsoft as being involved in phishing campaigns using the Dadsec platform. They utilize hundreds of Domain Generat… |
| STORM-1575 | Storm-1575 | Storm-1575 is a threat actor identified by Microsoft as being involved in phishing campaigns using the Dadsec platform. They utilize hundreds of Domain Generat… |
| Storm-1674 | Storm-1674 | Storm-1674 is an access broker known for using tools based on the publicly available TeamsPhisher tool to distribute DarkGate malware. Storm-1674 campaigns hav… |
| STORM-1674 | Storm-1674 | Storm-1674 is an access broker known for using tools based on the publicly available TeamsPhisher tool to distribute DarkGate malware. Storm-1674 campaigns hav… |
| STORM-1679 | Storm-1679 | Storm-1679 is a Russian disinformation group believed to be a spinoff of the Internet Research Agency, actively engaged in influence operations targeting the I… |
| Storm-1747 | Storm-1747 | Storm-1747 is an intrusion set that develops and operates the Tycoon 2FA phishing kit, which has been active since at least mid-2023 and is known for its sophi… |
| STORM-1747 | Storm-1747 | Storm-1747 is an intrusion set that develops and operates the Tycoon 2FA phishing kit, which has been active since at least mid-2023 and is known for its sophi… |
| Storm-1849 | Storm-1849 | UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabi… |
| STORM-1849 | Storm-1849 | UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabi… |
| Storm-1977 | Storm-1977 | Storm-1977 is a sophisticated threat actor that conducts password-spraying attacks targeting cloud tenants, particularly in the education sector, utilizing the… |
| STORM-1977 | Storm-1977 | Storm-1977 is a sophisticated threat actor that conducts password-spraying attacks targeting cloud tenants, particularly in the education sector, utilizing the… |
| STORM-2077 | Storm-2077 | TAG-100 is a cyber-espionage APT that targets government and private sector organizations globally, exploiting vulnerabilities in internet-facing devices such … |
| Storm-2139 | Storm-2139 | Storm-2139 is a cybercrime group that exploited stolen API keys from compromised Azure OpenAI Service accounts to generate harmful content, including non-conse… |
| STORM-2139 | Storm-2139 | Storm-2139 is a cybercrime group that exploited stolen API keys from compromised Azure OpenAI Service accounts to generate harmful content, including non-conse… |
| STORM-2372 | Storm-2372 | Storm-2372 is a suspected nation-state actor aligned with Russian interests, engaging in device code phishing campaigns targeting governments, NGOs, and variou… |
| Storm-2460 | Storm-2460 | Storm-2460 is a threat actor that has exploited elevation of privilege vulnerabilities to deploy PipeMagic malware and ransomware, enabling them to escalate ac… |
| STORM-2460 | Storm-2460 | Storm-2460 is a threat actor that has exploited elevation of privilege vulnerabilities to deploy PipeMagic malware and ransomware, enabling them to escalate ac… |
| Storm-2561 | Storm-2561 | Storm-2561 is a cybercriminal threat actor known for a credential theft campaign that employs SEO poisoning to distribute fake VPN clients. The campaign redire… |
| STORM-2561 | Storm-2561 | Storm-2561 is a cybercriminal threat actor known for a credential theft campaign that employs SEO poisoning to distribute fake VPN clients. The campaign redire… |
| STORM-2603 | Storm-2603 | The group Microsoft tracks as Storm-2603 is assessed with medium confidence to be a China-based threat actor. Microsoft has not identified links between Storm-… |
| Storm-2657 | Storm-2657 | Storm-2657 is a financially motivated threat actor targeting US-based organizations, particularly in higher education, to compromise employee accounts and redi… |
| STORM-2657 | Storm-2657 | Storm-2657 is a financially motivated threat actor targeting US-based organizations, particularly in higher education, to compromise employee accounts and redi… |
| STORM-2949 | Storm-2949 | Storm-2949 is a sophisticated threat actor that exploited Microsoft’s Self-Service Password Reset process to compromise high-value accounts, primarily targetin… |
| StucxTeam | StucxTeam | Stucx is a threat actor known for targeting Israeli systems, including SCADA systems and the Red Alert missile protection system. Stucx Team has also developed… |
| STUCXTEAM | StucxTeam | Stucx is a threat actor known for targeting Israeli systems, including SCADA systems and the Red Alert missile protection system. Stucx Team has also developed… |
| SUNGLOW-BLIZZARD | Sunglow Blizzard | DEV-0665 is a threat actor associated with the HermeticWiper attacks. Their objective is to disrupt, degrade, and destroy specific resources within a targeted … |
| Swan Vector | Swan Vector | Seqrite Labs APT-Team has recently uncovered a campaign which we have termed as Swan Vector, that has been targeting the nations across the East China sea such… |
| SWAN-VECTOR | Swan Vector | Seqrite Labs APT-Team has recently uncovered a campaign which we have termed as Swan Vector, that has been targeting the nations across the East China sea such… |
| SWEED | SWEED | Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling "SWEED," including such notable… |